[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-disclosure] TELUS Security Labs VR - Novell ZENworks Handheld
From: TELUS Security Labs - Vulnerability Research <noreply () telus ! com>
Date: 2011-01-28 19:35:41
Message-ID: 20110128193541.ECF6568019A () sticky ! vrt ! telus ! com
[Download RAW message or body]
Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow
TSL ID: FSC20110125-06
1. Affected Software
Novell ZENworks Handheld Management 7.0
Reference: http://www.novell.com/products/zenworks/handhelds
2. Vulnerability Summary
A buffer overflow vulnerability exists in Novell ZENworks Handheld Management that could be \
exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges \
on a vulnerable server.
3. Vulnerability Analysis
The vulnerability is due to a boundary error in the IP Conduit Service, ZfHIPCND.exe. If a \
crafted packet is sent to the service on port 2400/TCP, it allocates a fixed size heap buffer \
and copies the client device information into it without validating the string size. This could \
be exploited by attackers to overflow the buffer and possibly execute arbitrary code with the \
privileges of the ZfHIPCND.exe service, by default SYSTEM.
4. Vulnerability Detection
TELUS Security Labs has confirmed the vulnerability in:
ZENworks Handheld Management 7.0 (ZfHIPCND.exe version 7.0.2.1029 Build 10/29/10)
5. Workaround
Do not allow untrusted hosts to access the vulnerable service.
6. Vendor Response
Patches have been made available by the vendor to eliminate this vulnerability:
http://www.novell.com/support/viewContent.do?externalId=7007663
http://download.novell.com/Download?buildid=x_x4cdA5yT8~
7. Disclosure Timeline
2010-12-21 Reported to the vendor
2010-12-21 Vendor response
2011-01-25 Vendor released patches and advisory
2011-01-26 Published TSL advisory
8. Credits
Junaid Bohio of Vulnerability Research Team, TELUS Security Labs
9. References
CVE: Not available
Vendor: http://www.novell.com/support/viewContent.do?externalId=7007663
http://telussecuritylabs.com/threats/show/FSC20110125-06
10. About TELUS Security Labs
TELUS Security Labs, formerly Assurent Secure Technologies is the leading provider of security \
research. Our research services include:
* Vulnerability Research
* Malware Research
* Signature Development
* Shellcode Exploit Development
* Application Protocols
* Product Security Testing
* Security Content Development (parsers, reports, alerts)
TELUS Security Labs provides a specialized portfolio of services to assist security product \
vendors with newly discovered commercial product vulnerabilities and malware attacks. Many of \
our services are provided on a subscription basis to reduce research costs for our customers. \
Over 50 of the world's leading security product vendors rely on TELUS Security Labs research.
http://telussecuritylabs.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic